McAfee VCLCDE-AA-DA Product Guide - Page 18

Scanning files in remote storage, Scanning NTFS streams, Scanning protected files, Table 3-1



VirusScan® Command Line 5.20.0 Product Guide
3 Using the Command-Line Scanner

Scanning files in remote storage

Under some Microsoft Windows systems, files that are not in frequent use can be stored in a remote storage system, such as the Hierarchical Storage Management (HSM) system. However, when the files are scanned using the /DOHSM option, those files become in use again. To prevent this effect, you can include the /NORECALL option.

In combination, these options request the stored file for scanning, but the file continues to reside in remote storage. The file is not transported back to local storage.

Scanning NTFS streams

Some known methods of file infection add the virus body at the beginning or the end of a host file. However, a stream virus exploits the NTFS multiple data streams feature in Windows NT and more recent Windows operating systems. For example, a Windows 95 or Windows 98 FAT file has only one data stream — the program code or data itself. In NTFS, users can create any number of data streams within the file — independent executable program modules, as well as various service streams such as file access rights, encryption data, and processing time.

Unfortunately, some streams might contain viruses. The scanner can detect a stream virus in one of two ways; you can specify the full stream name, or you can include /STREAMS and specify either no stream name, or a part of a stream name using the wildcard characters ? and *.

The following table shows the effect of different commands on a stream called FILE:STREAM that contains a virus.

Table 3-1 Scanning streams

| Command | Action |
|---|---|
| SCAN /ALL /STREAMS FILE | All streams were scanned. The virus is detected. |
| SCAN /ALL FILE:STREAM | The exact stream name was specified. The virus is detected. |
| SCAN /ALL /STREAMS FILE:STREAM | The exact stream name was specified. The virus is detected. |
| SCAN /ALL FILE:STR* | An exact stream name was not specified. The virus is not detected. |
| SCAN /ALL /STREAMS FILE:STR* | All streams beginning with "str" are scanned. The virus is detected. |
| SCAN /ALL FILE | No streams were named. The virus is not detected. |

Scanning protected files

The scanner normally scans files such as other users' profiles and recycle bins. To prevent this type of scanning in Windows NT or later systems, use /NOBKSEM.
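The stream-selection rules of Table 3-1 can be modelled to check which scan commands in a batch job leave named streams unscanned. This is an added example, not code from the product guide or the scanner; the function names, the second stream name and the case-insensitive matching are assumptions, and the model covers only the six cases in the table.

```python
import re

def split_target(target):
    """Split 'FILE:STREAM' into (file, stream spec or None), skipping a drive-letter colon."""
    start = 2 if len(target) > 1 and target[0].isalpha() and target[1] == ":" else 0
    idx = target.find(":", start)
    return (target, None) if idx == -1 else (target[:idx], target[idx + 1:])

def wildcard_regex(spec):
    """Translate the ? and * wildcards named in the guide into a regex."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in spec)
    return re.compile(body, re.IGNORECASE)  # assumption: names match case-insensitively

def streams_scanned(cmdline, named_streams):
    """Return the named streams that Table 3-1 says this command scans (a model only)."""
    tokens = cmdline.split()[1:]  # drop the leading SCAN
    options = {t.upper() for t in tokens if t.startswith("/")}
    targets = [t for t in tokens if not t.startswith("/")]
    if len(targets) != 1:
        raise ValueError("this model handles exactly one target per command")
    _, spec = split_target(targets[0])
    use_streams = "/STREAMS" in options
    if spec is None:  # SCAN FILE: named streams are scanned only with /STREAMS
        return set(named_streams) if use_streams else set()
    if "*" in spec or "?" in spec:  # SCAN FILE:STR*: wildcard needs /STREAMS
        if not use_streams:
            return set()
        rx = wildcard_regex(spec)
        return {s for s in named_streams if rx.fullmatch(s)}
    # Exact stream name: scanned with or without /STREAMS
    return {s for s in named_streams if s.lower() == spec.lower()}

def coverage_gaps(commands, named_streams):
    """Map each command to the named streams it would leave unscanned."""
    return {c: set(named_streams) - streams_scanned(c, named_streams) for c in commands}

# Constructed sample: the six commands from Table 3-1, run against a file whose
# named streams are STREAM (as in the guide) plus a second, constructed one.
TABLE_3_1 = [
    "SCAN /ALL /STREAMS FILE", "SCAN /ALL FILE:STREAM", "SCAN /ALL /STREAMS FILE:STREAM",
    "SCAN /ALL FILE:STR*", "SCAN /ALL /STREAMS FILE:STR*", "SCAN /ALL FILE",
]
SAMPLE_STREAMS = ["STREAM", "Zone.Identifier"]

if __name__ == "__main__":
    for cmd, missed in coverage_gaps(TABLE_3_1, SAMPLE_STREAMS).items():
        print(f"{cmd:32} unscanned: {sorted(missed) or 'none'}")
```

Only the first command covers every named stream on the sample file; a command that names one stream, exactly or by wildcard, leaves any other stream on the same file unscanned.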